0239524cff2449247834bb5485159211ac7204a7d142654fbbdf6d2002c872f9

Analysis

max time kernel
125s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 06:58

Target

0239524cff2449247834bb5485159211ac7204a7d142654fbbdf6d2002c872f9.dll
Size

144KB
MD5

c7d775b03af2e7ec71f23fa3f736db90
SHA1

cba7fea8d187ceb42d556f060253b68bcfd1a43c
SHA256

0239524cff2449247834bb5485159211ac7204a7d142654fbbdf6d2002c872f9
SHA512

10760ab4549a469431f6b5d2e070fdc765228a646ca350f42cc1b263a16612c14977ccf24476e0b4c82952d783bbe7cf9acedef3f534760610cd0f735cbff5a8
SSDEEP

3072:zUDSrg2py+8gbTlu0XBoVbxgGvIWyi7wzhMr2hsqHvz9g+:QDOlpyF8DoVPv4UGhMahsEvz9g

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/596-56-0x0000000010000000-0x0000000010059000-memory.dmp	vmprotect
behavioral1/memory/596-59-0x0000000010000000-0x0000000010059000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 472 wrote to memory of 596	472	rundll32.exe	28
PID 472 wrote to memory of 596	472	rundll32.exe	28
PID 472 wrote to memory of 596	472	rundll32.exe	28
PID 472 wrote to memory of 596	472	rundll32.exe	28
PID 472 wrote to memory of 596	472	rundll32.exe	28
PID 472 wrote to memory of 596	472	rundll32.exe	28
PID 472 wrote to memory of 596	472	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0239524cff2449247834bb5485159211ac7204a7d142654fbbdf6d2002c872f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0239524cff2449247834bb5485159211ac7204a7d142654fbbdf6d2002c872f9.dll,#1
  2⤵
  PID:596

memory/596-55-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download
memory/596-56-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download
memory/596-59-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download